MUMBAI: HBO, the US cable channel and a unit of Time Warner, accepted last week that the company has been on the receiving end of a cyberattack, which has resulted in theft of proprietary information, including some upcoming programmes.

The incident is similar to the Sony Pictures hack in December 2014, which was one of the biggest attacks on an entertainment company until then. Almost 200 gigabytes (GB) of data was stolen, including and not limited to personal information about employees and their families, emails, executives’ salaries, and copies of then-unreleased Sony films. The HBO hackers have claimed that they have access to 1.5 terabytes of data, which is roughly 7 times that of Sony.

But it is not just international companies that are being targeted. Closer home, an unreleased episode of HBO’s most premium property, Game of Thrones, was leaked online — with a Star India watermark earlier this month. Many Bollywood (and other language) movies keep getting leaked online on the day of release and, in some cases, even before that.

“For a media company, any cyberattack can go to the core of our business — the precious media content. And that can be disastrous, to say the least. We have seen recent hacks where original programming has been stolen, and for any media company that is something absolutely non-negotiable. With all digital environments today, it is all the more important to protect your businesses. Attacks like these are direct strikes at the core of media businesses,” said Rajneesh Mittal, chief technology officer, Zee Entertainment Enterprises.

Amit Jaju, partner and head of forensic technology and discovery services at EY, feels there is low respect for intellectual property in India. “Everyone knows that downloading torrents or from other websites is illegal, but there is low compliance with laws” Jaju told ET.

Also, sophisticated cyberattacks like Ransomware are demonstrating the need for enhanced internal security protocols and controls within organisations to minimise the threat profile from such targeted attacks.

Constant vigilance and adequate preparedness are the need of the hour. And while many of the companies are focusing on monitoring, the bigger question is, how safe are these companies against cyber threats.

As Sony Pictures Networks India (SPN) puts it, “Content and content management are the IP for any media organisation, and in today’s digital era, protecting one’s IP is of utmost priority.” In a written reply, the company, whose parent firm faced the worst cyberattack, said that it has various policies and security tools in place that ensure that its systems are well guarded and protected from such threats.

“Within SPN, our defined security policies and the real-time vulnerability management systems take care of identifying any vulnerability within systems diligently so that the appropriate patches and other actions can be implemented. On the peripheral security systems, SPN has deployed state of the art firewall/intrusion management system to protect any unauthorised entry. There are other tools deployed with the Security Operating Center (SOC) services to nullify attempts to hack into our systems,” SPN said.

Jaju said ethics and professionalism at the lower ranks is a concern. “This seems to be more of a people problem rather than a technology problem. In a lot of leaks, cyber threats exploit insiders. They give in because of greed, or do not follow the process, or are targeted for their access,” he said. “In majority of cases... employees were the weak link.”

Baskar Subramanian, co-founder at media-tech company Amagi Media Labs, added that technology is not a problem. “The weakest link or vulnerability in the entire chain are the employees or internal teams.”

Mails sent to Star India and Viacom18 did not elicit any response till press time.

Several people ET spoke with about Ericsson’s India operations, including its current and former employees, said the Stockholm-based firm has reduced headcount in the last one year or so across functions, in line with its global restructuring.